Think twice before sharing your data

Who needs hospitals? We have smartphones, sensors and data!

According to Eric Topol, who is one of the leading voices in Digital Health, the smartphone is going to be the healthcare delivery platform of the future. Awesome right? No need to go into a hospital in the future, the app on your phone can record your blood pressure and transmit it to your doctor via the internet etc. 

Is it just a few rich people in California who believe this? Not according to Intel's latest research (see infographic below on what health information people are willing to share). The survey collected responses from people in Brazil, China, France, India, Indonesia, Italy, Japan and the United States. 84% would share their vital stats like blood pressure and 75% would share information from a special monitor that's been swallowed to track internal organ health. In fact, India is the country most willing to share healthcare information to aid innovation. Super awesome news, right?

Eric Dishman, Intel fellow and general manager of the company's Health and Life Sciences Group, says "Most people appear to embrace a future of healthcare that allows them to get care outside hospital walls, lets them anonymously share their information for better outcomes, and personalizes care all the way down to an individual's specific genetic makeup." 

Also, this week was the mHealth Summit in Washington, DC. It's the largest event of it's kind, over 5,000 people from around the world gathered. I attended last year, but participated this year from London via Twitter. Amazing energy and bold visions of the future on mHealth. 

In fact, this week, I also participated in the world's first G8 Dementia Summit via Twitter. "Big Data" captured from patients around the globe was cited by many of the leaders as one of the ways in which we can work to beat Dementia by 2025. Yes, the G8 put a rather ambitious  goal of a cure (or disease modifying drug) by 2025. Again, we just need to collect all this data from individuals, remove personal information, make it anonymised, and Global Health in the future will be transformed, right?

Easier said than done

Unfortunately, many of the people at conferences who are envisioning a world where we happily share our personal health data altruistically for the benefit of medical research to improve Global Health are unaware of the realities on the ground. "Big Data" seems to be inserted by anyone and everyone into their speeches and tweets. Doctors, politicians, and corporate leaders frequently use the phrase, in the hope that more people will sit up and pay attention to what they are saying.

Let's take anonymisation. If someone tells you that your personal data will be anonymised and then aggregated and made available to 3rd parties, you believe them, when they tell you your data can't identify you. Let's see what the report from the Royal Society in June 2012 said; 

"the security of personal records in databases cannot be guaranteed through anonymisation procedures"

"Computer science has now demonstrated that the security of personal records in databases cannot be guaranteed through anonymisation procedures where identities are actively sought"

It's good to have people like Professor Ross Anderson who dare to question the viability of anonymisation

Now, there are tens of thousands of health apps, and generally how many of us take the time to read terms and conditions before downloading any app, let alone a health app? We trust the brand, don't we? How do we determine as consumers and patients, whether a health app is safe to use? 

A company in the US, Happtique is working on a program of certification for health apps. Definitely a worthwhile initiative. So whilst I was monitoring the Twitter stream during the mHealth Summit, I noticed a software developer, Harold Smith, at the event had shared his blog post with his findings that there were security issues with some apps that had passed the certification process at Happtique. Yes, shocking news, but even more shocking is how a lot of people in this industry don't seem to care. Kudos to Happtique, they did react swiftly to this news by suspending their certification program

Here in the UK, the NHS have set up a health apps library. Their review process is listed too. Their website says, "All apps submitted to the Health Apps Library are checked to make sure that they are relevant to people living in England; comply with data protection laws and comply with trusted sources of information, such as NHS Choices". I've got no reason to doubt the security of the apps on the NHS library, but I'm curious - what if someone independent like Harold Smith took a look at these apps? What would his findings be? 

2014 & beyond 

In an ideal world, none of us as end users would have to worry about the security & privacy of our personal health data. We all want improved health, and improved healthcare, and we are told that mobile technology, sensors & big data could make the world a much better place. As a Digital Health Futurist, I truly want to believe that. 

However, the road ahead is potentially very dangerous, largely because the froth and hype in Digital Health is overshadowing the need to have an open and candid discussion in society on the risks and benefits of going down this road. Companies such as GE, Intel, & Cisco are pumping billions into the Internet of Things. This week the Allseen Alliance was announced, standards to allow different devices to connect to each other. Again, exciting stuff, right? 

Imagine, your smart toilet connected to your smart fridge connected to your smartphone. Personalised meal suggestions on your phone based upon the combination of the clinical analysis of your urine and what food you have remaining in your fridge? More data about our health, more data about us being transmitted between devices and apps using wifi. Hmmm, how many of us have stopped to reflect upon what safeguards are needed to prevent our bodies from being the target of hackers

In principle, I'm not against any company or government collecting more data about us and our health. If collecting more data can help us develop a cure for diseases such as Cancer or Dementia, that would be an amazing achievement for science. 

However, I do want all of us, wherever we live on this planet, to be able to make INFORMED choices about how we share our health data, and who we share it with. Who will drive conversations that lead to a society where we can make informed choices about our health data? How do we get informed consent to participate in data sharing initiatives from those members of society who are vulnerable, such as children or older people with Dementia? Is that even ethical? 

One piece of good news that came out this week is that the Data & Society Research Institute is a new non-profit organisation launching in 2014. Based in New York City, it will be dedicated to addressing social, technical, ethical, legal, and policy issues that are emerging because of data-centric technological development. 

bill-of-rights.jpg

Data about us may be the key to improving the health of 7 billion people, but that can only happen if our rights are protected at all times. The issues are common to all personal data, not just health data. Perhaps the way forwards is the creation of an international bill of digital rights?

 

[Disclosure: I have no commercial ties with any of the companies mentioned above]

Enter your email address to get notified by email every time I publish a new post:

Delivered by FeedBurner

Who Owns Your Health Data?

"Personal Data will be the new 'oil' - a valuable resource for the 21st century. It will emerge as a new asset class touching all aspects of society”. That's taken from the introduction of a report from the World Economic Forum published in January 2011. It's a fascinating read,  especially when they put forward the vision of a personal data ecosystem where individuals can have greater control over their personal data, digital identity and online privacy, and they will be better compensated for providing others with access to their personal data.

Sounds great, right? Sadly, it doesn't look like we are on the path to that vision.

For this vision to manifest itself, healthcare companies must buy into it, which means that they have to evolve their current business practices and models. The same is true for governments around the world. Given the recent revelations from Edward Snowden, making this vision a reality seems unlikely.

Does anyone believe we should own our health data?

Due to my background, I think a lot about our health data and the steps that we can take as citizens to help in the creation of this vision. I even gave a TEDx talk with my own ideas.

Though some leaders in the industry, such as Walter de Brouwer are stepping forward and bravely advocating that patients should own their own health data,  it's not the norm. Business models for free health apps are based upon users giving permission for those apps to collect, transmit, share and sell their users' personal data.

What are the current risks?

The current estimate is that are 40,000 health apps in the market place. In addition, a recent study by the Privacy Rights Clearinghouse stated that 72% of the assessed health apps presented medium to high risk of personal privacy violation. Additionally, of the free apps they reviewed, only 43% provided a link to a website privacy policy.

When was the last time you read through the terms and conditions, end user licence agreement or privacy policy BEFORE you agreed to download a health app? Take a look at this example of the privacy policy of Fitbit, would you read this?

Now, you may think that your health data alone is not that valuable, and you may well be right. However, if 100,000 people are using a health app, and a corporation accessing that data has heart rate, activity levels, sleep levels etc on all 100,000 people, then that 'cohort' of data becomes considerably more valuable. Whether it's scientists in a pharmaceutical company looking to understand people's health or a fitness company looking to understand which consumers to target for their next fitness product, getting access to this type of data unlocks new value for these organisations. That's not necessarily a bad thing, because we all want society to make progress in improving our health.

Unfortunately, I don't believe that consumers are currently able to make an informed choice. Unless you read through every line of all the policies, it's not that easy to find answers to these 3 questions;

Who owns your data?

Who has access to your data?

Who profits from your data?

Someone must be doing something to help answer these questions? 

The US government has recently published new proposals that lay out a "voluntary" Code of Conduct for mobile application short notices. Whilst it's a modest step forward, it's not enough. With almost 20 years of working with other people's personal data, I knew I had to do something.

As luck would have it, I was introduced to one of the leading  experts in security and privacy of health data, Dr Tyrone Grandison based in the USA. We identified the need for  a simple way of consumers being able to understand what they are agreeing to BEFORE they download a health app.

Dr Grandison and myself are working on a new service, launching this summer, called 'Who Owns Your Health Data?'. We hope that our service will allow each of you to make an informed choice when it comes to health apps. 

We are open to collaborating with others who share the same goal. Feel free to email us at info@woyhd.org